Results 1 to 15 of 15

Thread: Mailer-daemon@

  1. #1
    Registered Member
    Join Date
    Sep 2003
    Posts
    11

    Post Mailer-daemon@

    Hello everyone,

    I'm receving thousand of these e-mails...i've have added
    filters on my cpanel but seems these kind of
    e-mails bypass the cpanel filters....

    Some ideas on how to solve this

    Thanks



    From: MAILER-DAEMON@mail.theserverbiz.com



    Return-path: <>
    Envelope-to: info@MYDOMAIN.com
    Delivery-date: Sun, 18 Jul 2004 11:20:36 -0500
    Received: from [203.107.133.45] (helo=mail.theserverbiz.com)
    by myserver.com with smtp (Exim 4.34)
    id 1BmEOw-0006lV-IJ
    for info@MYDOMAIN.com; Sun, 18 Jul 2004 11:20:35 -0500
    Received: (qmail 79913 invoked for bounce); 18 Jul 2004 16:07:14 -0000
    Date: 18 Jul 2004 16:07:14 -0000
    From: MAILER-DAEMON@mail.theserverbiz.com
    To: info@MYDOMAIN.com
    Subject: failure notice

    Hi. This is the qmail-send program at mail.theserverbiz.com.
    I'm afraid I wasn't able to deliver your message to the following addresses.
    This is a permanent error; I've given up. Sorry it didn't work out.

    <jaloja@piercingexports.com>:
    Sorry, no mailbox here by that name. vpopmail (#5.1.1)

    --- Below this line is a copy of the message.

    Return-Path: <info@MYDOMAIN.com>
    Received: (qmail 79107 invoked from network); 18 Jul 2004 16:05:50 -0000
    Received: from host16-102.pool80116.interbusiness.it (HELO mail.piercingexports.com) (80.116.xxx.xx)
    by 0 with SMTP; 18 Jul 2004 16:05:50 -0000
    Message-ID: <x737259001.3914723911236841938@grqldlduj>
    From: jpeg <info@MYDOMAIN.com>
    To: <jaloja@piercingexports.com>
    Subject: jpeg
    Date: dom, 18 lug 2004
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    boundary="----=_Part_16461_4414287.7418427666853"
    X-Priority: 3
    Microsoft Outlook Express 5.00.2314.1300

    ------=_Part_16461_4414287.7418427666853
    Content-Type: text/plain;
    charset="iso-8859-2"
    Content-Transfer-Encoding: quoted-printable

    Surprise!

    ------=_Part_16461_4414287.7418427666853
    Content-Type: application/octet-stream;
    name="Surprise.com"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment;
    filename="Surprise.com"

  2. #2
    Registered Member
    Join Date
    Sep 2003
    Posts
    11

    Default

    up...some ideas?

  3. #3
    Registered Member
    Join Date
    Jun 2004
    Location
    Canada
    Posts
    378

    Default

    your server is either

    1. infected by a trojan
    2. rooted
    3. one of your clients or someone is spamming!

    those are likely situations
    Sheldon King
    Server Adminisrator
    http://www.forgehosting.com

  4. #4
    Registered Member
    Join Date
    Sep 2003
    Posts
    11

    Default

    the problem is how are these e-mail bypassing cpanels filters?

  5. #5
    Registered Member
    Join Date
    Jun 2004
    Location
    Canada
    Posts
    378

    Exclamation

    possibilities

    1. youve been rooted
    2. mailerdaemons always bypass filters :P

    you should never use filters on them anyways.. you should always recieve them
    how else do you know if there is a problem if you never recieve them... they are not a
    simple annoyance problem. they are there for a reason... :P

    Sheldon
    Sheldon King
    Server Adminisrator
    http://www.forgehosting.com

  6. #6
    Registered Member
    Join Date
    Sep 2003
    Posts
    11

    Default

    i agree with you but i'm receiving thousand of e-mails just like the one i post, no way to block it ?

  7. #7
    Registered Member
    Join Date
    Jun 2004
    Location
    Canada
    Posts
    378

    Default

    use your mail client filters to delete the emails!

    and .. then id suggest forking over lotsa $$ to have your server fixed...

    either that backup personal files only and format!
    Sheldon King
    Server Adminisrator
    http://www.forgehosting.com

  8. #8
    Registered Member Leandro's Avatar
    Join Date
    Sep 2003
    Posts
    48

    Default

    Hello:

    I have the same problem and fix it renaming the senmail link

    I hope it helps you !!!

  9. #9
    Registered Member This forum account has been confirmed by cPanel staff to represent a vendor. chirpy's Avatar
    Join Date
    Jun 2002
    Location
    Go on, have a guess
    Posts
    13,499

    Default

    1. infected by a trojan
    2. rooted
    3. one of your clients or someone is spamming!
    Nope, that's wrong.

    If you look at the bounced email header you'll see that the last received header record (the only one you can trust) comes from host16-102.pool80116.interbusiness.it - a dialup port.

    What you're suffering from is spam bounces where you are the innocent party in a forged header that has your email address in the from field.

    Unfortunately, there's little you can do about this other than ride it out. You ought not filter out mailer-daemon emails as they are the last resort for delivery failure notification and are essential for tracking down mailing issues.

    these things usually blow over after 24-48 hours.
    Jonathan Michaelson

    cPanel Server Configuration, Security and Antivirus/AntiSpam Services
    http://www.configserver.com

  10. #10
    Registered Member Leandro's Avatar
    Join Date
    Sep 2003
    Posts
    48

    Default

    Are there any way to fix it finaly?

    renaming sendmail some local delivery fails... but doing it for a few minutes, the sent stops...

    How can we stop this ****************ing spammers ???

    thanks a lot !!!

  11. #11
    Registered User
    Join Date
    Sep 2004
    Posts
    3

    Default

    Solution, re-install and restore a backup. PPL think I'm insane for backing up everynight, sometimes twice a day but issues like this are exactly why I do them. rsync -azv -H -e has always did me right

  12. #12
    Registered Member
    Join Date
    Sep 2003
    Posts
    11

    Default

    Quote Originally Posted by chirpy
    Nope, that's wrong.

    If you look at the bounced email header you'll see that the last received header record (the only one you can trust) comes from host16-102.pool80116.interbusiness.it - a dialup port.

    What you're suffering from is spam bounces where you are the innocent party in a forged header that has your email address in the from field.

    Unfortunately, there's little you can do about this other than ride it out. You ought not filter out mailer-daemon emails as they are the last resort for delivery failure notification and are essential for tracking down mailing issues.

    these things usually blow over after 24-48 hours.
    Chirpy you where right, actually after 20 days with thousand and thousand of e-mails things got fixed .

  13. #13
    Registered Member
    Join Date
    Dec 2003
    Posts
    32

    Default

    Roll on SPF!

    Im having the same problem, but with 600,000 mails in the queue.

    Does anyone know a quick way a clearing exims queue?

  14. #14
    Registered Member
    Join Date
    May 2004
    Posts
    114

    Default

    Easy go to your WHM ROOT go to exim and discard

  15. #15
    Registered Member
    Join Date
    Feb 2003
    Posts
    254

    Default

    Quote Originally Posted by Leandro
    Hello:

    I have the same problem and fix it renaming the senmail link

    I hope it helps you !!!
    What do you mean by "renaming the sendmail link"?

    Thanks
    Mike

Similar Threads

  1. How do I get all the bounced e-mails from Mailer Daemon?
    By Vatoloco in forum E-mail Discussions
    Replies: 1
    Last Post: 01-31-2011, 12:09 AM
  2. Mailer-Daemon domain per reseller
    By bhappy in forum E-mail Discussions
    Replies: 0
    Last Post: 12-08-2009, 02:35 PM
  3. mailer-daemon anonim reseller
    By marius in forum cPanel & WHM Discussions
    Replies: 0
    Last Post: 11-16-2006, 01:47 AM
  4. Changing where mailer-daemon notices go
    By yitc in forum cPanel & WHM Discussions
    Replies: 2
    Last Post: 12-08-2004, 09:56 PM
  5. Should Mailer-Daemon be in /etc/aliases?
    By Stefaans in forum cPanel & WHM Discussions
    Replies: 0
    Last Post: 09-29-2003, 10:39 AM
bargain